{"title":"Deployment challenges in log-based PKI enhancements","authors":"S. Matsumoto, Pawel Szalachowski, A. Perrig","doi":"10.1145/2751323.2751324","DOIUrl":null,"url":null,"abstract":"Log-based PKI enhancements propose to improve the current TLS PKI by creating public logs to monitor CA operations, thus providing transparency and accountability. In this paper we take the first steps in studying the deployment process of log-based PKI enhancements in two ways. First, we model the influences that parties in the PKI have to incentivize one another to deploy a PKI enhancement, and determine that potential PKI enhancements should focus their initial efforts on convincing browser vendors to deploy. Second, as a promising vendor-based solution we propose deployment status filters, which use a Bloom filter to monitor deployment status and efficiently defend against downgrade attacks from the enhanced protocol to the current TLS PKI. Our results provide promising deployment strategies for log-based PKI enhancements and raise additional questions for further fruitful research.","PeriodicalId":123258,"journal":{"name":"Proceedings of the Eighth European Workshop on System Security","volume":"PP 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-04-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"18","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Eighth European Workshop on System Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2751323.2751324","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 18
Abstract
Log-based PKI enhancements propose to improve the current TLS PKI by creating public logs to monitor CA operations, thus providing transparency and accountability. In this paper we take the first steps in studying the deployment process of log-based PKI enhancements in two ways. First, we model the influences that parties in the PKI have to incentivize one another to deploy a PKI enhancement, and determine that potential PKI enhancements should focus their initial efforts on convincing browser vendors to deploy. Second, as a promising vendor-based solution we propose deployment status filters, which use a Bloom filter to monitor deployment status and efficiently defend against downgrade attacks from the enhanced protocol to the current TLS PKI. Our results provide promising deployment strategies for log-based PKI enhancements and raise additional questions for further fruitful research.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
